Deep Network Analyzer (DNA)

Description

DNA is an open, flexible and extensible deep network analyzer (software server) and architecture for passively gathering and analyzing network packets, network sessions and application protocols off enterprise-class networks. DNA is designed for Internet security, intrusion detection, network management, protocol and network analysis, information gathering and network monitoring applications.

DNA runs as a distributed application under a Java Virtual Machine (JVM) environment and is portable across many OS environments, including network appliances, switches and routers.

Features:
  • Deep packet and session processing (layers 2-7)
  • Configurable processing and output:
    • Layer 4 Packet flows
    • Layer 4-7 Stateful Sessions flows (client/server flow pairs)
    • Layer 7 Packet and Session Application protocol parsing (HTTP, DNS, P2P, VoIP, etc.)
  • Application protocol parsing toolkit enables easy development of new protocol parsers.
  • Support for both symmetric and asymmetric routing links.
  • Targeting based full session capture facility, like a real time targeted TCPDump.
    • Flexible targeting from IP address, port tuple to application sensitive targeting.
  • Configurable and extensible output adaptor utilizing OpenAdaptor, able to send output to a variety of resources including: Flat file, Oracle, MySQL, MSSQL, Sybase, Sockets, JMS, RMI, WebService.
  • Extensible real time collection engine portable across many OS/Packet processing environments:
    • Specialized Linux driver mechanisms
    • Network Appliances
    • Network Switches / Routers
  • Highly parallelized for increased performance in multiprocessor environments
  • System metadata dictionary externalizes processing type definition
OS/Environment:
  • Linux/Unix Operating Systems
  • Win32 (2k, XP, 2003, etc)
Collection:
  • Live capture via Netfilter.
    • Supports wired and wireless LANs (WiFi)
    • Standard Netfilter support (for NAT devices, routers, etc)
    • Promiscuous mode patch support (for passive monitoring appliances)
  • Live capture directly from device (via pcap/winpcap)
    • Supports wired and wireless LANs
    • Layer 2 Ethernet / Layer 2 Encapsulation (PPPoE)
  • Batch file based processing through Java PCAP.

Layer 7 Protocol Parsers:

  • HTTP
  • Static Port Packet Capture
 